Fragmentation attacks possible when EDNS0 is enabledThe DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.Buffer overflow in glob with GLOB_TILDEThe GNU C Library before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.Denial of service in getnetbyname functionThe nss_dns implementation of getnetbyname in GNU C Library before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service by sending a positive answer while a network name is being process.DNS resolver NULL pointer dereference with crafted record typeres_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service .realpath buffer underflow when getcwd returns relative path allows privilege escalationIn glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.Buffer overflow during unescaping of user names with the ~ operatorThe glob function in glob.c in the GNU C Library before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.